Removing automatic password hashing from AuthComponent. Its a frustra…

…ting feature that often befuddles new users, and can be plain annoying sometimes. Moving hashing into FormAuthenticate. Updating tests.
cakephp · Feb 4, 2011 · fd8fb12 · fd8fb12
1 parent 23db2f0
commit fd8fb12
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 68 deletions.
diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
@@ -308,8 +308,7 @@ public function startup($controller) {
 			return false;
 		}
 		$request = $controller->request;
-
-		$this->request->data = $controller->request->data = $this->hashPasswords($request->data);
+
 		$url = '';
 
 		if (isset($request->query['url'])) {
@@ -717,30 +716,6 @@ public function constructAuthenticate() {
 		return $this->_authenticateObjects;
 	}
 
-/**
- * Hash any passwords found in $data using $userModel and $fields['password']
- *
- * @param array $data Set of data to look for passwords
- * @return array Data with passwords hashed
- * @link http://book.cakephp.org/view/1259/hashPasswords
- */
-	public function hashPasswords($data) {
-		if (is_object($this->authenticate) && method_exists($this->authenticate, 'hashPasswords')) {
-			return $this->authenticate->hashPasswords($data);
-		}
-
-		if (is_array($data)) {
-			$model = $this->getModel();
-
-			if(isset($data[$model->alias])) {
-				if (isset($data[$model->alias][$this->fields['username']]) && isset($data[$model->alias][$this->fields['password']])) {
-					$data[$model->alias][$this->fields['password']] = $this->password($data[$model->alias][$this->fields['password']]);
-				}
-			}
-		}
-		return $data;
-	}
-
 /**
  * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
  *

diff --git a/cake/libs/controller/components/auth/form_authenticate.php b/cake/libs/controller/components/auth/form_authenticate.php
@@ -86,7 +86,7 @@ public function authenticate(CakeRequest $request) {
 		}
 		$conditions = array(
 			$model . '.' . $fields['username'] => $request->data[$model][$fields['username']],
-			$model . '.' . $fields['password'] => $request->data[$model][$fields['password']],
+			$model . '.' . $fields['password'] => $this->hash($request->data[$model][$fields['password']]),
 		);
 		if (!empty($this->settings['scope'])) {
 			$conditions = array_merge($conditions, $this->settings['scope']);
@@ -101,4 +101,14 @@ public function authenticate(CakeRequest $request) {
 		unset($result[$model][$fields['password']]);
 		return $result[$model];
 	}
+
+/**
+ * Hash the supplied password using the configured hashing method.
+ *
+ * @param string $password The password to hash.
+ * @return string Hashed string
+ */
+	public function hash($password) {
+		return Security::hash($password, null, true);
+	}
 }
diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
@@ -1089,42 +1089,6 @@ function testNoRedirectOn404() {
 		$this->assertTrue($result, 'Auth redirected a missing action %s');
 	}
 
-/**
- * test Hashing of passwords
- *
- * @return void
- */
-	function testHashPasswords() {
-		$this->Controller->Auth->userModel = 'AuthUser';
-
-		$data['AuthUser']['password'] = 'superSecret';
-		$data['AuthUser']['username'] = 'superman@dailyplanet.com';
-		$return = $this->Controller->Auth->hashPasswords($data);
-		$expected = $data;
-		$expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
-		$this->assertEqual($return, $expected);
-
-		$data['Wrong']['password'] = 'superSecret';
-		$data['Wrong']['username'] = 'superman@dailyplanet.com';
-		$data['AuthUser']['password'] = 'IcantTellYou';
-		$return = $this->Controller->Auth->hashPasswords($data);
-		$expected = $data;
-		$expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
-		$this->assertEqual($return, $expected);
-
-		$xml = array(
-			'User' => array(
-				'username' => 'batman@batcave.com',
-				'password' => 'bruceWayne',
-			)
-		);
-		$data = new Xml($xml);
-		$return = $this->Controller->Auth->hashPasswords($data);
-		$expected = $data;
-		$this->assertEqual($return, $expected);
-	}
-
-
 /**
  * testAdminRoute method
  *

diff --git a/cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php b/cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php
@@ -41,8 +41,8 @@ function setUp() {
 			'fields' => array('username' => 'user', 'password' => 'password'),
 			'userModel' => 'User'
 		));
-		$this->password = Security::hash('password', null, true);
-		ClassRegistry::init('User')->updateAll(array('password' => '"' . $this->password . '"'));
+		$password = Security::hash('password', null, true);
+		ClassRegistry::init('User')->updateAll(array('password' => '"' . $password . '"'));
 	}
 
 /**
@@ -116,7 +116,7 @@ function testAuthenticateSuccess() {
 		$request = new CakeRequest('posts/index', false);
 		$request->data = array('User' => array(
 			'user' => 'mariano',
-			'password' => $this->password
+			'password' => 'password'
 		));
 		$result = $this->auth->authenticate($request);
 		$expected = array(
@@ -138,7 +138,7 @@ function testAuthenticateScopeFail() {
 		$request = new CakeRequest('posts/index', false);
 		$request->data = array('User' => array(
 			'user' => 'mariano',
-			'password' => $this->password
+			'password' => 'password'
 		));
 
 		$this->assertFalse($this->auth->authenticate($request));
@@ -168,7 +168,7 @@ function testPluginModel() {
 		$request = new CakeRequest('posts/index', false);
 		$request->data = array('TestPluginAuthUser' => array(
 			'username' => 'gwoo',
-			'password' => Security::hash('cake', null, true)
+			'password' => 'cake'
 		));
 
 		$result = $this->auth->authenticate($request);